| 摘要 |
A method and system for role-based access control enforced by an Operating System filesystem are provided. A file representing a resource is created and stored in the Operating System filesystem. A user requests access to the resource and provides user-identifying information and a resource identifier. An access identifier is created based on the user-identifying information and the resource identifier, and is formatted as the file attribute used by the Operating System to manage file access. A system call to the Operating System is made to perform an operation on the file representing the resource, where the system call uses the access identifier to gain access to the file. The user is granted access to the resource only if the operating system successfully performs the operation on the file representing the resource.
|
